<?php
include('include/conf.php');
	//begin verificare data
$id_connect = connect_to_database(HOST, USER, PASS, DATABASE);
if(logged("admin")){
  $sesiune = mysql_real_escape_string($_POST['sesiune']);
  //scoate tipul de operatiune
  if(isset($_POST['op'])){
    $op = $_POST['op'];
//######################################################################
    if($op=="insert_marca"){
      //XML expected
      //check if marca exista
      $marca = mysql_real_escape_string($_POST['marca']);
      $str = "SELECT marca from marca WHERE marca='$marca'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 0){
        send_error_xml(17);
      }
      //inserare marca noua
      $str = "INSERT INTO marca (marca) VALUES ('$marca')";
      mysql_query($str,$id_connect);
      //return back noua schema
      $str = "SELECT marca from marca ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste xml-ului
        $continut .= "<row label=\"".$value['marca']."\" />";
      }
      //trimite back catre server
      build_xml_packet(10,$continut);
    }
//########################################################################
    if($op=="insert_companie"){
      //String expected
      //check if already exist
      $companie = mysql_real_escape_string($_POST['companie']);
      $str = "SELECT companie from companie WHERE companie='$companie'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 0){
        send_error_xml(18);
      }
      $str = "INSERT INTO companie (companie) VALUES ('$companie')";
      mysql_query($str,$id_connect);
      success();
    }
//########################################################################
    if($op=="insert_credit"){
    //XML expected. se populeaza lista credite
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $cost = mysql_real_escape_string($_POST['cost']);
      if((!is_numeric($cost))||($cost<=0)){
        send_error_xml(16);
      }
      //check if exist
      $str = "SELECT marca from credit WHERE marca='$marca' AND model='$model' AND companie='$companie'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 0){
        send_error_xml(19);
      }
      //insert
      $str = "INSERT INTO credit (marca,model,companie,cost) VALUES ('$marca','$model','$companie','$cost')";
      mysql_query($str,$id_connect);
      //insert credit creat pentru fiecare client existent
      $str = "SELECT nume FROM clienti WHERE tip_cont='client'";
      $result = mysql_query($str,$id_connect);
      while($value=mysql_fetch_assoc($result)){
        $nume = $value['nume'];
        $str = "INSERT INTO credit_clienti (nume,marca,model,companie,cost) VALUES ('$nume','$marca','$model','$companie','$cost')";
        mysql_query($str,$id_connect);
      }
      $str = "SELECT * FROM credit ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        $continut .= "<row marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" />";
      }
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="insert_model"){
      //String expected
      //check if exist
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $str = "SELECT model from model WHERE marca='$marca' AND model='$model'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 0){
        send_error_xml(19);
      }
      //insert
      $str = "INSERT INTO model (marca, model) VALUES ('$marca','$model')";
      mysql_query($str,$id_connect);
      success();
    }
//########################################################################
  if($op=="insert_imei"){
      //String expected
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $imei = mysql_real_escape_string($_POST['imei']);
      $unlock = mysql_real_escape_string($_POST['unlock']);
      $nume = mysql_real_escape_string($_POST['nume']);
      $cost = mysql_real_escape_string($_POST['pret']);
      //mai intai se verifica credit. Acesta nu poate fi 0 sau string sau negativ
      if(!check_numar($cost)||($cost<=0)){
        send_error_xml(16);
      }
      //mai intai check credit
      $str = "SELECT cr_ramas,lang,mail from clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $value = mysql_fetch_assoc($result);
      $cr_ramas = $value['cr_ramas'];
      $lang = $value['lang'];
      $mail_to = $value['mail']; 
      if($cr_ramas>=$cost){
        //este credit. begin transaction
        //se verifica daca nu exista deja imeiul
        $str = "SELECT unlock_code from coduri WHERE imei='$imei'";
        $result = mysql_query($str, $id_connect);
        $num = mysql_num_rows($result);
        if($num != 0){
          //send reply cu codul de unlock
          $value = mysql_fetch_assoc($result);
          $unlock = $value['unlock_code'];
          $continut = "<row imei_exist=\"1\" imei=\"$imei\" unlock=\"$unlock\" />";
          build_xml_packet(9,$continut);
          //send_error_xml(12);
        }
        //mai intai update credit
        $str = "UPDATE clienti SET cr_consumat=cr_consumat+$cost, cr_ramas=cr_ramas-$cost WHERE nume='$nume'";
        mysql_query($str,$id_connect);
        //insert imei
        $data_in = time();
        //set data_out numai daca este setat $unlock
        if($unlock != ""){
          $data_out = time()+600;
        }else{
          $data_out = "";
        }
        if($unlock == ""){
          $status = "wait";
        }else{
          $status = "done";
        }
        $str = "INSERT INTO coduri (nume, imei, unlock_code, marca, model, companie, data_in, data_out, cost, status) VALUES ('$nume','$imei','$unlock','$marca','$model','$companie','$data_in','$data_out','$cost','$status')";
        $result = mysql_query($str,$id_connect);
        if(!$result){
		     send_error_xml(mysql_error());
		    }
		    //send mail to john. Verifica daca este trimis si special code, ca sa fie bagat in mail
		    if(file_exists('languages/'.$lang.'.php')){
		        require_once('languages/'.$lang.'.php');
		    }else{
            require_once('languages/en.php');
        }
        $data_in = date("d-M-Y  H:i",$data_in);        
		    send_mail($mail_to,$imei,$marca,$model,$companie,$unlock,$data_in,$mess);
        //send custom message
        $continut = "<row imei_exist=\"0\" />";
        build_xml_packet(9,$continut);
      }else{
        //eroare credit insuficient
        $continut = "<row credit_fault=\"1\" />";
        build_xml_packet(9,$continut);
        //send_error_xml(12);
      }
    }
//########################################################################
    if($op=="insert_unlock"){
      //XML string
      $nume = mysql_real_escape_string($_POST['nume']);
      $imei = mysql_real_escape_string($_POST['imei']);
      $cost = mysql_real_escape_string($_POST['cost']);
      $cost2 = mysql_real_escape_string($_POST['cost2']);
      if(!check_numar($cost)||($cost<=0)){
        send_error_xml(16);
      }
      if(check_numar($cost2)&&($cost2>0)){
        $diff_cost = $cost2-$cost;
        $cost = $cost2;
        //paranoia
        if(!check_numar($diff_cost)){
          send_error_xml(16);
        }
      }
      $unlock = mysql_real_escape_string($_POST['unlock']);
      if(($unlock == "undefined")||($unlock == "")){
        send_error_xml(13);  
      }
      $data_out = time();
      //cazul cand unlock este "unknow"
      if(strtolower($unlock) == "unknow"){
        //se restitue creditul
        $str = "UPDATE clienti SET cr_consumat=cr_consumat-$cost, cr_ramas=cr_ramas+$cost WHERE nume='$nume'";
        mysql_query($str,$id_connect);
        //set cost egal cu zero
        $cost = 0;
      }
      //daca este setat $diff_cost atunci se actualizeaza contul client cu noul credit
      if(isset($diff_cost)){
        $str = "UPDATE clienti SET cr_consumat=cr_consumat+$diff_cost, cr_ramas=cr_ramas-$diff_cost WHERE nume='$nume'";
        mysql_query($str,$id_connect);
      }
      //update coduri cu valoare de unlock
      $str = "UPDATE coduri SET unlock_code='$unlock', data_out='$data_out', status='done', cost='$cost' WHERE nume='$nume' AND imei='$imei'";
      mysql_query($str,$id_connect);
      //return lista de imeiuri in asteptare
      $str = "SELECT * FROM coduri WHERE status='wait' ORDER BY data_in DESC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        $data_in = date("d-M-y H:i", $value['data_in']);
        $count++;
        //se construieste coprul xml-ului
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" imei=\"".$value['imei']."\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" data_in=\"".$data_in."\" cost=\"".$value['cost']."\" />";
      }
      build_xml_packet(9,$continut,$num);
      //send mail
      //mai intai se scot datele necesare din baza de date
      $str = "SELECT coduri.data_in,coduri.marca,coduri.model,coduri.companie,clienti.mail,clienti.lang FROM coduri, clienti WHERE clienti.nume=coduri.nume AND coduri.imei='$imei'";
      $result = mysql_query($str,$id_connect);
      $value = mysql_fetch_assoc($result);
      $lang = $value['lang'];
      $mail_to = $value['mail'];
      $marca = $value['marca'];
      $model = $value['model'];
      $companie = $value['companie'];
      $date_in = $value['date_in'];
      if(file_exists('languages/'.$lang.'.php')){
		        require_once('languages/'.$lang.'.php');
		  }else{
            require_once('languages/en.php');
      }
      $data_in = date("d-M-Y  H:i",$data_in);        
      send_mail($mail_to,$imei,$marca,$model,$companie,$unlock,$date_in,$mess);
    }
//######################################################################## modif credit cost clienti
    if($op=="insert_credit_new_cost"){
    //XML expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $cost = mysql_real_escape_string($_POST['cost']);
      $str = "UPDATE credit_clienti SET cost='$cost' WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
      mysql_query($str,$id_connect);
      //trimite back noua lista
      $str = "SELECT * FROM credit_clienti WHERE nume='$nume' ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $count=0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $count++;
        $continut .= "<row no=\"".$count."\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" cost=\"".$value['cost']."\" cost2=\"\" />";
      }
      build_xml_packet(9,$continut,$num);
    }
//######################################################################## modif. credit cost
    if($op=="credit_new_cost"){
    //null expected
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $cost = mysql_real_escape_string($_POST['cost']);
      $str = "UPDATE credit SET cost='$cost' WHERE marca='$marca' AND model='$model' AND companie='$companie'";
      mysql_query($str,$id_connect);
      success();
    }
//########################################################################
    if($op=="insert_client"){
    //String expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $parola = mysql_real_escape_string($_POST['parola']);
      $mail = mysql_real_escape_string($_POST['mail']);
      $phone = mysql_real_escape_string($_POST['phone']);
      $credit = mysql_real_escape_string($_POST['credit']);
      $comment = mysql_real_escape_string($_POST['comment']);
      //se verifica daca clientul nu exista deja
      $str = "SELECT nume FROM clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 0){
        send_error_xml(14);
      }
      //check mail format
      if(!checkEmail($mail)){
        send_error_xml(15);
      }
      //check credit format
      if(!check_numar($credit)||($credit<0)){
        send_error_xml(16);
      }
      $str = "INSERT INTO clienti (nume, parola, mail, phone, cr_total, cr_ramas) VALUES ('$nume','$parola','$mail','$phone','$credit','$credit')";
      mysql_query($str,$id_connect);
      //insert credit in credit clienti
      $str = "SELECT * FROM credit ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      while($value=mysql_fetch_assoc($result)){
        $marca = $value['marca'];
        $model = $value['model'];
        $companie = $value['companie'];
        $default_cost = $value['cost'];
        $str = "INSERT INTO credit_clienti (nume, marca, model, companie, cost) VALUES ('$nume','$marca','$model','$companie', '$default_cost')";
        mysql_query($str,$id_connect);
      }
      //insert comment in plati
      $data_plata = time();
      $str = "INSERT INTO plati (nume,data_plata,comentariu,suma) VALUES ('$nume','$data_plata','$comment','$credit')";
      mysql_query($str,$id_connect);
      success();
    }
//########################################################################
    if($op=="update_client_data"){
    //String expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $parola = mysql_real_escape_string($_POST['parola']);
      $mail = mysql_real_escape_string($_POST['mail']);
      $phone = mysql_real_escape_string($_POST['phone']);
      $str = "UPDATE clienti SET parola='$parola', mail='$mail', phone='$phone' WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      success();
    }
//########################################################################
    if($op=="update_credit_client"){
    //XML return pentru afisare
      $nume = mysql_real_escape_string($_POST['nume']);
      $valoare = mysql_real_escape_string($_POST['val']);
      $comentariu = mysql_real_escape_string($_POST['comentariu']);
      if(!check_numar($valoare)){
        send_error_xml(16);
      }
      $str = "UPDATE clienti SET cr_total=cr_total+'$valoare', cr_ramas=cr_ramas+$valoare WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      //insert in plati
      $data_plata = time();
      $str = "INSERT INTO plati (nume,data_plata,comentariu,suma) VALUES ('$nume','$data_plata','$comentariu','$valoare')";
      mysql_query($str,$id_connect);
      //return xml
      $str = "SELECT cr_total, cr_ramas, cr_consumat FROM clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $value = mysql_fetch_assoc($result);
      $continut = "<row total=\"".$value['cr_total']."\" consumat=\"".$value['cr_consumat']."\" ramas=\"".$value['cr_ramas']."\" />";
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_marca"){
      //XML expected
      //se scot marcile pentru a popula combo
      $str = "SELECT marca from marca ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['marca']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_companie"){
    //XML expected
      $str = "SELECT companie FROM companie ORDER BY companie ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['companie']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_companie_credit"){
    //XML expected
      $model = mysql_real_escape_string($_POST['model']);
      $marca = mysql_real_escape_string($_POST['marca']);
      $str = "SELECT companie FROM credit WHERE marca='$marca' AND model='$model' ORDER BY companie ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['companie']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_model"){
    //XML expected
      $marca = mysql_real_escape_string($_POST['marca']);
      $str = "SELECT model FROM model WHERE marca='$marca'";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['model']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_all_model"){
    //XML expected
      $str = "SELECT model FROM model ORDER BY model ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['model']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_clienti_name"){
    //XML expected
      $str = "SELECT nume FROM clienti WHERE tip_cont='client' ORDER BY nume ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $continut .= "<row label=\"".$value['nume']."\" />";
      }
      //trimite back catre server
      build_xml_packet(9,$continut);
    }
//########################################################################
    if($op=="get_clienti_list"){
    //XML expected
      $str = "SELECT * FROM clienti WHERE tip_cont = 'client' ORDER BY nume ASC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $count++;
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" parola=\"".$value['parola']."\" mail=\"".$value['mail']."\" phone=\"".$value['phone']."\" total=\"".$value['cr_total']."\" consumat=\"".$value['cr_consumat']."\" ramas=\"".$value['cr_ramas']."\" />";
      }
      build_xml_packet(9,$continut,$num);
    }
//########################################################################
    if($op=="get_clienti_search"){
    //XML expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $str = "SELECT * FROM clienti WHERE tip_cont = 'client' AND nume LIKE '$nume%' ORDER BY nume ASC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $cost=0;
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $cost++;
        $continut .= "<row no=\"".$cost."\" nume=\"".$value['nume']."\" parola=\"".$value['parola']."\" mail=\"".$value['mail']."\" phone=\"".$value['phone']."\" total=\"".$value['cr_total']."\" consumat=\"".$value['cr_consumat']."\" ramas=\"".$value['cr_ramas']."\" />";
      }
      build_xml_packet(9,$continut,$num);
    }
//#########################################################################
    if($op=="get_client_plati"){
    //XML expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $str = "SELECT * FROM plati WHERE nume='$nume' ORDER BY data_plata DESC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      $no=0;
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $no++;
        $data = date("d-M-Y", $value['data_plata']);
        $continut .= "<row no=\"".$no."\" comentariu=\"".$value['comentariu']."\" suma=\"".$value['suma']."\" data=\"".$data."\" />";
      }
      build_xml_packet(9,$continut,$num);
    }
//#########################################################################
    if($op=="get_pret"){
    //String expected
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $nume = mysql_real_escape_string($_POST['nume']);
      $str = "SELECT cost FROM credit_clienti WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num == 1){
        $value=mysql_fetch_assoc($result);
        $cost = $value['cost'];
        //data reprezinta pret. data este atribuita propritatii str_out din class LoaderVlad
        $continut = "<row cost=\"$cost\" />";
        build_xml_packet(9,$continut);
      }else{
        //asta inseamna nici un rezultat sau mai multe
        send_error_xml(11);
      }     
    }
//#########################################################################
    if($op=="get_imei_list"){      
    //XML expected
      $str = "SELECT * FROM coduri WHERE status='wait' ORDER BY data_in DESC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        $count++;
        $data_in = date("d-M-y H:i", $value['data_in']);
        //se construieste coprul xml-ului
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" imei=\"".$value['imei']."\" unlock=\"\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" data_in=\"".$data_in."\" cost=\"".$value['cost']."\" cost2=\"\" />";
      }
      build_xml_packet(9,$continut,$num);      
    }
//#########################################################################
    if($op=="get_imei_search"){      
    //XML expected
      $imei = mysql_real_escape_string($_POST['imei']);
      $str = "SELECT * FROM coduri WHERE imei LIKE '%$imei%' ORDER BY data_in DESC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        $data_in = date("d-M-y H:i", $value['data_in']);
        $count++;
        if($value['data_out'] != ""){
          $data_out = date("d-M-y H:i", $value['data_out']);
        }else{
          $data_out = "";
        }
        //se construieste coprul xml-ului
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" imei=\"".$value['imei']."\" unlock=\"".$value['unlock_code']."\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" data_in=\"".$data_in."\" data_out=\"".$data_out."\" cost=\"".$value['cost']."\" />";
      }
      build_xml_packet(9,$continut,$num);      
    }
//#########################################################################
  if($op=="get_imei_search_vechi"){      
    //XML expected
      $id_connect = connect_to_database(HOST, USER, PASS, "imeiserver");
      $imei = mysql_real_escape_string($_POST['imei']);
      $str = "SELECT imei.imei, imei.unlock_code, imei.formated_imei_type, imei.data_in, imei.data_out, clienti.nume FROM imei, clienti WHERE imei.imei LIKE '%$imei%' AND imei.user_id=clienti.id ORDER BY data_in DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        $data_in = date("d-M-y H:i", $value['data_in']);
        $count++;
        if($value['data_out'] != ""){
          $data_out = date("d-M-y H:i", $value['data_out']);
        }else{
          $data_out = "";
        }
        //se construieste coprul xml-ului
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" imei=\"".$value['imei']."\" unlock=\"".$value['unlock_code']."\" tipo=\"".$value['formated_imei_type']."\" data_in=\"".$data_in."\" data_out=\"".$data_out."\" />";
      }
      build_xml_packet(9,$continut,$num);      
    }
//#########################################################################
    if($op=="get_credit_list"){      
    //XML expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $str = "SELECT * FROM credit_clienti WHERE nume='$nume' ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $count++;
        $continut .= "<row no=\"".$count."\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" cost=\"".$value['cost']."\" cost2=\"0\" />";
      }
      build_xml_packet(9,$continut,$num);      
    }
//#########################################################################
    if($op=="get_credit_type"){ 
    //XML expected 
      $str = "SELECT * FROM credit ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        $continut .= "<row marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" cost=\"".$value['cost']."\" />";
      }
      build_xml_packet(9,$continut);
    }
//#########################################################################
    if($op=="get_plati"){ 
    //XML expected 
      $dupa_nume = mysql_real_escape_string($_POST['dupa_nume']);
      if($dupa_nume){
        $nume = mysql_real_escape_string($_POST['nume']);
        $str = "SELECT * FROM plati WHERE nume='$nume' ORDER BY data_plata DESC LIMIT 50";
      }else{
        $str = "SELECT * FROM plati ORDER BY data_plata DESC LIMIT 50";
      }
      $result = mysql_query($str,$id_connect);
      $continut = "";
      $count = 0;
      while($value=mysql_fetch_assoc($result)){
        $count++;
        $data_plata = date("d-M-y H:i", $value['data_plata']);
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" comentariu=\"".$value['comentariu']."\" suma=\"".$value['suma']."\" data=\"".$data_plata."\" />";
      }
      build_xml_packet(9,$continut);
    }
//#########################################################################
    if($op=="reduce_credit"){
    //String expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $cost = mysql_real_escape_string($_POST['pret']);
      if(!check_numar($cost)||($cost<=0)){
        send_error_xml(16);
      }
      $str = "UPDATE clienti SET cr_consumat=cr_consumat+$cost, cr_ramas=cr_ramas-$cost WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      success();
    }
//#########################################################################
    if($op=="delete_imei"){
    //XML expected
      $imei = mysql_real_escape_string($_POST['imei']);
      //scoate numele si costul
      $str = "SELECT nume, cost FROM coduri WHERE imei='$imei'";
      $result = mysql_query($str,$id_connect);
      $value = mysql_fetch_assoc($result);
      $nume = $value['nume'];
      $cost = $value['cost'];
      //delete imei
      $str = "DELETE FROM coduri WHERE imei='$imei'";
      mysql_query($str,$id_connect);
      //restaureaza creditul
      $str = "UPDATE clienti SET cr_ramas=cr_ramas+$cost, cr_consumat=cr_consumat-$cost WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      //returneaza lista cu imeiuri in asteptare
      $str = "SELECT * FROM coduri WHERE status='wait' ORDER BY data_in DESC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      //do output
      while($value=mysql_fetch_assoc($result)){
        $data_in = date("d-M-y H:i", $value['data_in']);
        $count++;
        //se construieste coprul xml-ului
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" imei=\"".$value['imei']."\" marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" data_in=\"".$data_in."\" cost=\"".$value['cost']."\" />";
      }
      build_xml_packet(9,$continut,$num);      
    }
//#########################################################################
    if($op=="delete_client"){
    //XMP expected
      $nume = mysql_real_escape_string($_POST['nume']);
      $str = "DELETE FROM clienti WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      //sterge si din credit clienti
      $str = "DELETE FROM credit_clienti WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      //return xml cu clientii ramasi
      $str = "SELECT * FROM clienti WHERE tip_cont = 'client' ORDER BY nume ASC";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      $continut = "";
      $count = 0;
      while($value=mysql_fetch_assoc($result)){
        //se construieste coprul xml-ului
        $count++;
        $continut .= "<row no=\"".$count."\" nume=\"".$value['nume']."\" parola=\"".$value['parola']."\" mail=\"".$value['mail']."\" phone=\"".$value['phone']."\" total=\"".$value['cr_total']."\" consumat=\"".$value['cr_consumat']."\" ramas=\"".$value['cr_ramas']."\" />";
      }
      build_xml_packet(9,$continut,$num);
    }
//#########################################################################
   if($op=="delete_credit"){
   //XML expected, populare lista credite
      $marca = mysql_real_escape_string($_POST['marca']);
      $model = mysql_real_escape_string($_POST['model']);
      $companie = mysql_real_escape_string($_POST['companie']);
      $str = "DELETE FROM credit WHERE marca='$marca' AND model='$model' AND companie='$companie'";
      mysql_query($str,$id_connect);
      $str = "DELETE FROM credit_clienti WHERE marca='$marca' AND model='$model' AND companie='$companie'";
      mysql_query($str,$id_connect);
      //build xml cu lista de credite ramasa
      $str = "SELECT * FROM credit ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      while($value=mysql_fetch_assoc($result)){
        $continut .= "<row marca=\"".$value['marca']."\" model=\"".$value['model']."\" companie=\"".$value['companie']."\" />";
      }
      build_xml_packet(9,$continut);      
   }
//#########################################################################
  }else{
    send_error_xml(8);
  }	
}else{
  send_error_xml(2);
}
?>
